NOTE: This is for educational purposes only.
Good evening friends. Today we will look at an arbitrary file access vulnerability in Kodi 15. For those who have no idea what Kodi is, it is “an award-winning free and open source cross-platform software media player and entertainment hub for HTPCs. Kodi can be used to play almost all popular audio and video formats around.” We will exploit an LFI vulnerability in its web interface.
Before we start, let me make it clear that the credit for finding this vulnerability goes to one “MICHAEL PRONK” of exploit-db. I am just showing how to use that exploit. The exploit is shown below.
OK, now let’s see it in real time. Open Shodan (which means you should have an account there) and search for “title:kodi os:linux” as shown below. We are searching for all Linux machines with Kodi installed on them. The results will be as shown below.
Now open any one of the interfaces. It should look like the one below. By default, Kodi runs on port 8080.
Now we will try to access the passwd file on this Linux machine. Just after the port number, try this query
as shown below. You should get the contents of the passwd file as shown below.
Here’s another example.